General
Target: cf99e04344dbff1e4c803eb337ea95c1793a9de903f888bb6de2c03c22cc8531
Size: 453KB
Sample: 241104-zjkvtazkbk
MD5: 6791778d10064ab0e77363dd8157a7f4
SHA1: a8a30fcad83acc942d560b583268702f2eddbef1
SHA256: cf99e04344dbff1e4c803eb337ea95c1793a9de903f888bb6de2c03c22cc8531
SHA512: 6bf095e8e29f5fbbc168f005902d5a42519660c0271b01fc8a385570246e86c2368cbd48640b1b3a56abaebba9e4527e1c9b6bdb08209079d390d5f247ee1a13
SSDEEP: 6144:MRzY0UUx+06LL4OZCY0fHlYESXVc6Y7Kms5120TuExwwOGgADEKcUU4ZoHuuvW:MRzYmmyHlYpX26Y2ry0TuSOGgSE2cRW
Static task: static1
Behavioral task: behavioral1
Sample: 1ce750a2b863c4863b648ed0b3d0d90e87652d935e0616333d4c94e8d98143da.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 1ce750a2b863c4863b648ed0b3d0d90e87652d935e0616333d4c94e8d98143da.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: redko
C2: 62.204.41.170:4179
auth_value: 9bcf7b0620ff067017d66b9a5d80b547
Targets
Target: 1ce750a2b863c4863b648ed0b3d0d90e87652d935e0616333d4c94e8d98143da.exe
Size: 601KB
MD5: ea76a7437b2b5a9390a5c0b53966085e
SHA1: b755ffc6e3027d444de4cbd18361e360a3820232
SHA256: 1ce750a2b863c4863b648ed0b3d0d90e87652d935e0616333d4c94e8d98143da
SHA512: 18891d6be766e2a0af36e82eaebe8bfcdb233b23ba8226305b2f05161e45bd864789e821cea8899dfa56d4b715b60924b43126b09ca8dc98c67ce0328c40938b
SSDEEP: 12288:goO8y8MS4ltkRc7h9fIcLHhvz1wAr57N63zt5uw39mORigrWh:gPcdR2IctvRwC572tmcrW
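The file hashes above and the extracted C2 in the Malware Config section are the actionable parts of this report. The Python below is an added example, not part of the sandbox output or of any tool it names: it recomputes MD5, SHA1, SHA256 and SHA512 of a candidate file and compares all four with the reported values (so that a responder can confirm a file on disk really is the analysed payload), and it sweeps connection logs for traffic to the extracted C2 address. The log format and the log lines are constructed for the example; the hash values and the C2 host and port are taken from the report.

```python
"""Operationalise this report's IOCs: verify that a file on disk is the analysed
RedLine payload, and sweep connection logs for the extracted C2.

Added example, not part of the sandbox report. The log format and log lines
below are constructed; the hashes and C2 address are the report's values.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Digests reported for 1ce750a2...8143da.exe (Targets section of the report).
REPORTED_HASHES = {
    "md5": "ea76a7437b2b5a9390a5c0b53966085e",
    "sha1": "b755ffc6e3027d444de4cbd18361e360a3820232",
    "sha256": "1ce750a2b863c4863b648ed0b3d0d90e87652d935e0616333d4c94e8d98143da",
    "sha512": "18891d6be766e2a0af36e82eaebe8bfcdb233b23ba8226305b2f05161e45bd86"
              "4789e821cea8899dfa56d4b715b60924b43126b09ca8dc98c67ce0328c40938b",
}

# RedLine C2 from the Malware Config section.
C2_HOST = "62.204.41.170"
C2_PORT = 4179


def digests(data: bytes) -> dict:
    """md5/sha1/sha256/sha512 hex digests of a byte string (stdlib only)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def matches_reported(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Compare every computed digest with the reported one; returns {algo: bool}.
    Check all of them rather than MD5 alone: MD5 collisions are cheap, and a
    single mismatching strong hash means this is not the analysed file."""
    computed = digests(data)
    return {algo: computed[algo] == value.lower() for algo, value in reported.items()}


# Constructed firewall connection log (not from the report): timestamp, sensor,
# action, protocol, src ip:port -> dst ip:port.
SAMPLE_LOG = """\
2024-11-04T10:12:01Z fw01 ALLOW TCP 10.0.5.23:51122 -> 62.204.41.170:4179
2024-11-04T10:12:03Z fw01 ALLOW TCP 10.0.5.23:51123 -> 142.250.72.14:443
2024-11-04T10:12:09Z fw01 ALLOW TCP 10.0.7.9:50001 -> 62.204.41.170:443
2024-11-04T10:13:40Z fw01 DENY  TCP 10.0.5.23:51150 -> 62.204.41.170:4179
"""

CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[^\s:]+):\d+\s+->\s+(?P<dst>[^\s:]+):(?P<dport>\d+)$"
)


@dataclass
class Hit:
    timestamp: str
    action: str
    src: str
    dport: int
    exact_port: bool   # True when the port is the configured C2 port as well


def find_c2_hits(log_text: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return every connection attempt to the C2 host, allowed or denied.

    The destination is compared as a parsed address, not as a substring, so
    162.204.41.170 or 62.204.41.17 cannot produce a false match. Connections
    to other ports on the same host are still reported, with exact_port=False,
    for the analyst to triage."""
    target = ipaddress.ip_address(host)
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue            # not a connection record; skip quietly
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue            # hostname rather than IP; out of scope here
        if dst != target:
            continue
        dport = int(m["dport"])
        hits.append(Hit(m["ts"], m["action"], m["src"], dport, dport == port))
    return hits


def compromised_hosts(hits: list) -> set:
    """Internal sources that reached, or tried to reach, the C2 on its configured port."""
    return {h.src for h in hits if h.exact_port}


if __name__ == "__main__":
    hits = find_c2_hits(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("hosts to isolate:", sorted(compromised_hosts(hits)))
```

A denied connection is still a hit: the firewall stopping the beacon does not mean the host is clean, it means the payload ran and tried to call home. Note that auth_value from the config is a sample attribute useful for clustering related builds, not something that appears in network logs, so it is deliberately not used as a network indicator here.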
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)